SecurityTracker.com
SecurityTracker Archives

Category:   Application (Multimedia)  >   Apple iTunes
Vendors:   Apple
iTunes Buffer Overflow in Processing Album Cover Artwork Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018658
SecurityTracker URL:  http://securitytracker.com/id/1018658
CVE Reference:   CVE-2007-3752
Date:  Sep 6 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 7.4
Description:   A vulnerability was reported in iTunes. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted music file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

David Thiel of iSEC Partners reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fixed version (7.4), available at:

http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes7.4.dmg"
Its SHA-1 digest is: 4422396fee3323cceab7d0ae83f47f7bedb21033

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: fefe391446a8d8010d0a26e9819e893a76319da6
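To check a downloaded installer against the digests above before rolling it out, here is an added example (not code from the SecurityTracker page or from Apple's advisory); the function names and the constructed `sample.bin` self-test input are my assumptions, while the file names and SHA-1 values are the ones published above.

```python
import hashlib
import hmac
import sys
import tempfile
from pathlib import Path

# File names and SHA-1 digests exactly as published on this page for iTunes 7.4.
# SHA-1 is used only because that is what the vendor published in 2007; it is no
# longer collision-resistant, so prefer SHA-256 wherever a vendor offers it.
PUBLISHED_SHA1 = {
    "iTunes7.4.dmg": "4422396fee3323cceab7d0ae83f47f7bedb21033",   # Mac OS X
    "iTunesSetup.exe": "fefe391446a8d8010d0a26e9819e893a76319da6",  # Windows XP / Vista
}


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so a large installer never has to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex=None):
    """Return (matches, actual_digest) for the installer at `path`. Without an
    explicit digest the published one is looked up by file name; an unknown
    name is an error rather than a silent pass."""
    path = Path(path)
    if expected_hex is None:
        if path.name not in PUBLISHED_SHA1:
            raise ValueError(f"no published digest for {path.name!r}")
        expected_hex = PUBLISHED_SHA1[path.name]
    actual = sha1_of_file(path)
    # Normalise case and compare in constant time (good habit even for public digests).
    return hmac.compare_digest(actual, expected_hex.strip().lower()), actual


def constructed_selftest():
    """Exercise verify_download on a constructed file with a known digest:
    SHA-1(b"abc") = a9993e364706816aba3e25717850c26c9cd0d89d."""
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "sample.bin"
        sample.write_bytes(b"abc")
        good, _ = verify_download(sample, "A9993E364706816ABA3E25717850C26C9CD0D89D")
        bad, _ = verify_download(sample, "0" * 40)
    return good, bad


if __name__ == "__main__":
    # Usage: python verify_itunes.py <downloaded file> [expected-sha1]
    ok, digest = verify_download(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print(f"{digest}  {sys.argv[1]}  {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```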

The Apple advisory is available at:

http://docs.info.apple.com/article.html?artnum=306404

Vendor URL:  docs.info.apple.com/article.html?artnum=306404
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Vista), Windows (XP)

Message History:   None.


Source Message Contents

Subject:  APPLE-SA-2007-09-06 iTunes 7.4

APPLE-SA-2007-09-06 iTunes 7.4

iTunes 7.4 is now available and addresses the following security
issue:

CVE-ID:  CVE-2007-3752

Available for:  Mac OS X v10.3.9, Mac OS X v10.4.7 or later,
Windows XP / Vista

Impact:  Opening a maliciously crafted music file may lead to an
unexpected application termination or arbitrary code execution

Description:  A buffer overflow exists in iTunes when processing
album cover art. By enticing a user to open a maliciously crafted
music file, an attacker may trigger the overflow which may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by performing proper bounds checking.
Credit to David Thiel of iSEC Partners for reporting this issue.

iTunes 7.4 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named:  "iTunes7.4.dmg"
Its SHA-1 digest is:  4422396fee3323cceab7d0ae83f47f7bedb21033

For Windows XP / Vista:
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  fefe391446a8d8010d0a26e9819e893a76319da6

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)

Copyright 2019, SecurityGlobal.net LLC